[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Last Call: SMTP Message Submission to Proposed Standard
Sorry Dave, but I have to agree with Perry. I really am not certain
what requirements are being met. I am just now catching up on this
thread, the early messages were hidden among a Flaming fest, but I think
I've read the relevant material.
And I am not sure why there is an ietf-submit mailing list, when there
is not a WG?
The problem that I have had with certain mail programs, such as Netscape
Communicator and Qualcomm Eudora to name names, is they won't work
without a submission host. So, I cannot use them. Most of my email
addresses have no submission host and are not located anywhere near my
point of submission. I expect to send my email direct to the
destination in most cases, modified by MX as appropriate.
And I know of no competently programmed client that does not format
message envelopes correctly. Adding FQDNs is a bogus leftover from
pre-DNS days. Get rid of it. And forget about limited code for "thin"
clients -- the GUI takes much more space than SMTP formatting.
The only true requirement that I can see is that we need better
enforcement of SMTP fields, and more checks for accuracy. If it doesn't
have a valid resolvable MAIL FROM, From:, et alia, then drop the message
into the bit bucket!
All that is needed is just clarifying consolidation of existing
documents, and a little BCP work. No need for a new protocol or port.
The kind of stuff that I thought DRUMS was already doing!
Quite frankly, the whole argument about spam is a red herring. Nothing
about splitting into submission and relay will mitigate spam without
authentication verification at every hop.
Moreover, the concept of adding "authenticated" submission and relay to
the message transport is ludicrous. Folks are complaining about how
long it takes to submit or relay now -- how about adding a nice
Diffie-Hellman exchange with a couple of RSA/DSA signatures and
verifications? About 30-45 seconds of CPU and added RTT per message per
hop.... That's what is required to scale! (AUTH is a waste of effort.)
We already have IPSec, TLS, and SecSh. Pick one. Stop reinventing the
> From: Dave Crocker <dcrocker@xxxxxxxxxxxxxxx>
> At 11:41 AM 5/11/98 -0400, Perry E. Metzger wrote:
> >You know, somehow I've been surviving with SMTP for this for years,
> >and it works well for myself and my users. I really am not certain why
> >this sudden critical need has arrived. Perhaps the hundreds of
> >thousands of people using SMTP for this purpose are mistaken and only
> >*think* it works.
> The need is not "sudden". The topic was under discussion for quite awhile,
> as in a couple/few years.
> The need HAS been made MORE urgent by the onset of spam problems and the
> need to treat submission markedly different from relaying.
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32